Apache Common Configuration Explained

1: Make Apache's directory index display Chinese file and directory names

[[email protected] ~]# tail /usr/local/apache2/conf/extra/httpd-vhosts.conf

<VirtualHost 192.168.122.30:80>

DocumentRoot "/home/share"

<Directory /home/share>

Options indexes followsymlinks

order deny,allow

allow from all

</Directory>

ServerName   192.168.122.30

</VirtualHost>

[[email protected] ~]# ls /home/share/

10網段改造問題.txt docs.zip   IPVS.doc   中文目錄

boot.tgz            exam2.JPG putty.exe 資料庫

[roo[email protected] ~]# grep -i 'utf-8' /usr/local/apache2/conf/httpd.conf

AddDefaultCharSet UTF-8

IndexOptions Charset=UTF-8

2: Filter the file types Apache will serve, so that files of specific types cannot be accessed

[email protected] ~]# grep -A 3 -E '(exe|zip)' /usr/local/apache2/conf/httpd.conf |grep -v '#'

<FilesMatch "\.(exe|zip)$">

Order allow,deny

Deny from all

</FilesMatch>

[[email protected] ~]# tail -f /usr/local/apache2/logs/error_log

[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/docs.zip

[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/putty.exe

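3: Redirects. There are four main redirect types: temp, permanent, gone and seeother.

temp: temporary redirect, used when the file is not currently at the requested location but is expected to appear there in the future

permanent: permanent redirect, the opposite of the temp case

gone: indicates that the file is not at this location and should not be requested again; gone acknowledges that the file once existed, and unlike a 404 error this is not treated as an error

seeother: tells the client that the original file no longer exists and has been replaced by a different file at another location

By default, if no keyword is set, a temporary redirect is used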

<VirtualHost 192.168.122.30:80>

DocumentRoot "/home/share"

ServerName   192.168.122.30

Redirect Permanent / http://hi.baidu.com/naruto6006

</VirtualHost>

[[email protected] ~]# tail -f /usr/local/apache2/logs/access_log

192.168.122.1 - - [20/May/2010:15:03:29 +0800] "GET / HTTP/1.1" 301 238

4: Viewing Apache status and info pages

[[email protected] ~]# grep 'info' /usr/local/apache2/conf/httpd.conf |grep -v '#'

Include conf/extra/httpd-info.conf

[[email protected] ~]# grep -A 5 -E '(status|info)' /usr/local/apache2/conf/extra/httpd-info.conf |grep -v '#' |uniq

<Location /server-status>

SetHandler server-status

Order deny,allow

Deny from all

Allow from 192.168.122.60

</Location>

<Location /server-info>

SetHandler server-info

Order deny,allow

Deny from all

Allow from 192.168.122.60

</Location>

5: Configuring hotlink protection

Method 1: using SetEnvIfNoCase

<FilesMatch "\.(jpg|jpeg|gif|png)$">

SetEnvIfNoCase Referer "^http://([^/]*\.)?yang\.com(/|$)" local_referrer=1

Order Allow,Deny

Allow from env=local_referrer

</FilesMatch>

Method 2: using rewrite rules

[ro[email protected] ~]# /usr/local/apache2/bin/apachectl -l |grep rewrite

mod_rewrite.c

<VirtualHost 192.168.122.30:80>

DocumentRoot "/home/share"   

ServerName   192.168.122.30

<Directory /home/share>

Options indexes followsymlinks

AllowOverride    All

order deny,allow

allow from all

</Directory>

</VirtualHost>

[[email protected] ~]# cat /home/share/.htaccess

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://([^/]*\.)?yang\.com(/|$) [NC]

RewriteRule .*\.(gif|jpg|swf)$ http://www.yang.com/about/nolink.png [R,NC]

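Configuration in httpd.conf is read once when Apache starts, which is very efficient.

Configuration in .htaccess files has to be read and parsed on every access, which is very inefficient.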

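6: Tuning the MPM (multi-processing module). The default MPM for each operating system is listed below. If you do not choose one at compile time, prefork is selected by default.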

BeOS    beos

Netware    mpm_netware

OS/2    mpmt_os2

Unix    prefork

Windows    mpm_winnt

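core:          Core features provided by the Apache HTTP Server, always available;

mpm_common:    A collection of directives implemented by more than one multi-processing module (MPM);

beos:          An MPM optimized specifically for BeOS;

event:         An experimental variant of the standard worker MPM;

mpm_netware:   A threaded MPM optimized specifically for Novell NetWare;

mpmt_os2:      A hybrid multi-process, multi-threaded MPM optimized specifically for OS/2;

prefork:       A non-threaded, pre-forking MPM;

mpm_winnt:     The MPM for the Windows NT/2000/XP/2003 family;

worker:        A threaded MPM implementing a hybrid multi-threaded, multi-process server, allowing one child process to contain multiple threads;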

[[email protected] ~]# /usr/local/apache2/bin/apachectl -l|grep -E '(work|prefork|event)'

worker.c

[[email protected] ~]# grep 'mpm' /usr/local/apache2/conf/httpd.conf

Include conf/extra/httpd-mpm.conf

Modify the MPM section of /usr/local/apache2/conf/extra/httpd-mpm.conf as follows:

<IfModule mpm_worker_module>

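# Allow at most 100 child processes
ServerLimit              100

# Allow at most 200 threads
ThreadLimit              200

# Start 10 child processes as soon as Apache starts
StartServers             10

# Maximum number of clients allowed
MaxClients               3200

# Keep at least 320 idle threads
MinSpareThreads          320

# Keep at most 450 idle threads
MaxSpareThreads          450

# Each child process has 32 resident threads
ThreadsPerChild          32

# Maximum number of requests each child process may serve during its lifetime
MaxRequestsPerChild      1000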

</IfModule>
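
The worker limits above depend on one another, and Apache adjusts or warns about values that violate those relationships. The following added example (not part of the original post) checks a worker MPM block read from stdin; the second sample is a constructed variant, and a missing directive is assumed to count as 0.

```shell
#!/bin/sh
# Added example, not from the original post: check worker MPM limits read from
# stdin against the relationships the worker MPM expects between them.
# Assumes all six limit directives are present; a missing one is treated as 0.

check_worker_mpm() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF >= 2 { v[tolower($1)] = $2 + 0 }      # directive names are case-insensitive
        END {
            tpc = v["threadsperchild"]; mc = v["maxclients"]
            if (tpc > v["threadlimit"])
                print "ThreadsPerChild exceeds ThreadLimit"
            if (tpc > 0 && mc % tpc != 0)
                print "MaxClients is not a multiple of ThreadsPerChild"
            if (mc > v["serverlimit"] * tpc)
                print "MaxClients exceeds ServerLimit x ThreadsPerChild"
            if (v["maxsparethreads"] < v["minsparethreads"] + tpc)
                print "MaxSpareThreads is below MinSpareThreads + ThreadsPerChild"
        }'
}

# Values from the post.
page_config() {
    cat <<'EOF'
<IfModule mpm_worker_module>
ServerLimit 100
ThreadLimit 200
StartServers 10
MaxClients 3200
MinSpareThreads 320
MaxSpareThreads 450
ThreadsPerChild 32
MaxRequestsPerChild 1000
</IfModule>
EOF
}

# Constructed variant: MaxClients and MaxSpareThreads changed to break two rules.
bad_config() {
    page_config | sed -e 's/^MaxClients .*/MaxClients 4000/' \
                      -e 's/^MaxSpareThreads .*/MaxSpareThreads 340/'
}

printf 'post config:\n%s\n' "$(page_config | check_worker_mpm)"
printf 'constructed bad config:\n%s\n' "$(bad_config | check_worker_mpm)"
```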

7: Virtual directories and site aliases

<VirtualHost 192.168.122.30:80>

DocumentRoot "/home/share"

ServerName   192.168.122.30

ServerAlias www.yang.com

Alias /test   "/tmp"

<Directory /tmp>

Options indexes followsymlinks

order deny,allow

allow from all

</Directory>

<Directory /home/share>

Options indexes followsymlinks

AllowOverride    All

order deny,allow

allow from all

</Directory>

</VirtualHost>

C:\Documents and Settings\yang>ping www.yang.com

Pinging www.yang.com [192.168.122.30] with 32 bytes of data:

Reply from 192.168.122.30: bytes=32 time<1ms TTL=64

8: Making Apache URLs case-insensitive

[roo[email protected] share]# /usr/local/apache2/bin/apachectl -l |grep spel

mod_speling.c

[[email protected] ~]# grep 'checkspelling' /usr/local/apache2/conf/httpd.conf

checkspelling on

9: Performance testing with ab

[[email protected] ~]# /usr/local/apache2/bin/ab -n 1000 -c 100 http://192.168.122.30/boot.tgz   # -n: 1000 requests in total; -c: 100 requests sent concurrently

This is ApacheBench, Version 2.3 <$Revision: 655654 $>

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.122.30 (be patient)

Completed 100 requests

Completed 200 requests

Completed 300 requests

Completed 400 requests

Completed 500 requests

Completed 600 requests

Completed 700 requests

Completed 800 requests

Completed 900 requests

Completed 1000 requests

Finished 1000 requests

Server Software:        Apache/2.2.14

Server Hostname:        192.168.122.30

Server Port:            80

Document Path:          /boot.tgz

Document Length:        5548786 bytes

Concurrency Level:      100

Time taken for tests:   8.481 seconds

Complete requests:      1000

Failed requests:        0

Write errors:           0

Total transferred:      5549070000 bytes

HTML transferred:       5548786000 bytes

Requests per second:    117.91 [#/sec] (mean)

Time per request:       848.119 [ms] (mean)

Time per request:       8.481 [ms] (mean, across all concurrent requests)

Transfer rate:          638945.27 [Kbytes/sec] received

Connection Times (ms)

min mean[+/-sd] median   max

Connect:        0    1   1.3      0      11

Processing:     6 786 828.4    496    6399

Waiting:        0 548 881.3    200    5877

Total:          6 787 828.2    497    6399

Percentage of the requests served within a certain time (ms)

50%    497

66%    636

75%    749

80%    908

90%   1719

95%   2660

98%   3559

99%   4116

100%   6399 (longest request)

[[email protected] # uptime   # check the system load

11:00:35 up 2:00, 2 users, load average: 13.75, 3.06, 1.00

10: Hiding system information and the Apache version

[[email protected] ~]# curl -I http://192.168.122.30

HTTP/1.1 200 OK

Date: Mon, 24 May 2010 03:11:54 GMT

Server: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.9

Content-Type: text/html;charset=UTF-8

[[email protected] ~]# grep 'default.conf' /usr/local/apache2/conf/httpd.conf |grep -v '^#'

Include conf/extra/httpd-default.conf

[[email protected] ~]# grep -E '(Prod|Off)' /usr/local/apache2/conf/extra/httpd-default.conf |grep -v '^#'

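# UseCanonicalName and UseCanonicalPhysicalPort determine how self-referential URLs are built
UseCanonicalName Off

# Sets the value of the Server HTTP response header field
ServerTokens Prod

# Hides the Apache version information
ServerSignature Off

# Turns off name resolution
HostnameLookups Off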

[[email protected] ~]# curl -I http://192.168.122.30

HTTP/1.1 200 OK

Date: Mon, 24 May 2010 03:19:38 GMT

Server: Apache

Content-Type: text/html;charset=UTF-8
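
To confirm the effect of ServerTokens Prod mechanically, the following added example (not part of the original post) lists every product/version token and platform comment found in a Server response header; the two header samples are copied from the curl -I runs above.

```shell
#!/bin/sh
# Added example, not from the original post: list what a Server response
# header discloses, given raw response headers on stdin.

server_leaks() {
    tr -d '\r' | awk '
        tolower($1) == "server:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ "/")        print "version: " $i    # product/version token
                else if ($i ~ /^\(/) print "platform: " $i   # start of an OS comment
            }
        }'
}

# Header samples copied from the two curl -I runs in the post.
headers_before() {
    cat <<'EOF'
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:11:54 GMT
Server: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.9
Content-Type: text/html;charset=UTF-8
EOF
}

headers_after() {
    cat <<'EOF'
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:19:38 GMT
Server: Apache
Content-Type: text/html;charset=UTF-8
EOF
}

printf 'before:\n%s\n' "$(headers_before | server_leaks)"
printf 'after:\n%s\n' "$(headers_after | server_leaks)"
```

To audit a server you administer, pipe the output of curl -sI into server_leaks; empty output means the header carries only the bare product name.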